The European Telecommunications Standardisation Institute (ETSI) is currently in the process of standardising a new set of protocols for mobile telecommunications systems. The set of protocols is known collectively as Universal Mobile Telecommunications System (UMTS). The architecture of a UMTS network is based upon a UMTS core network and a UMTS Terrestrial Radio Access Network (UTRAN). Within and between core networks, it will be necessary to transfer signalling information between network elements such as Mobile Switching Centres (MSCs) and Home and Visitor Location Registers (HLRs/VLRs). The signalling network itself may be an SS7 network or possibly an IP network. The protocol used for transporting signalling messages is the Mobile Application Part (MAP) protocol which is currently used in the second generation GSM networks. MAP will be enhanced to provide additional features.
The introduction of UMTS will be a gradual process. UMTS networks must therefore interwork with existing networks for the foreseeable future. It is also envisaged that within a given network there may be network elements which implement the enhanced MAP protocol and other network elements which don't. Again, interworking between these different elements must be possible.
One of the enhancements being made to MAP is the introduction of improved security for signalling traffic. A protocol called MAPSEC implements this security and carries MAP messages. MAPSEC utilises some suitable encryption and authentication mechanism. The use of MAPSEC in an internodal communication is specified by a Security Policy Database (SPD) of one or more of the communicating network elements. The SPD specifies that MAPSEC shall be applied to all signalling communications towards a particular network. According to the current proposals, a MAPSEC protected communication commences with the sending of a MAPSEC message (containing a MAP message) from the initiating network element (which is assumed to be MAPSEC capable) to a peer network element. In the event that the peer network element is MAPSEC capable, that network element will return a MAPSEC response message. This is illustrated in FIG. 1. In the event that the peer network element is not MAPSEC capable, the network element will return a message to the initiating network element that it does not support MAPSEC (this may be a MAP message indicating that the received MAPSEC message was not recognised). The initiating network element will then forward an unprotected MAP message to the peer network element which will respond with a MAP response message. This exchange of messages is illustrated in FIG. 2.
The exchange of messages illustrated in FIG. 2 will add two round trip delays to the process. Particularly during the early stages of UMTS introduction, when most network elements will not have MAPSEC capability, this will represent a significant extra load on signalling networks and will delay many network operations (e.g. call set-up). It will be appreciated that this problem is not unique to public land mobile networks (PLMNs) (or to the MAP protocol), and may arise in other types of network where different nodes have different security policies.